Firewall Enterprise 8.2.0 Release Notes - McAfee

Release Notes 

McAfee ® 

Firewall Enterprise 

version 8.2.0 

This document provides information about McAfee ® 

Firewall Enterprise version 8.2.0, including 

download and installation instructions. 

You can find additional information by using the resources listed in the following table. 

Table 1 Product resources 

Resource 

Online Help 

Location 

Online Help is built into Firewall Enterprise. Click Help on the toolbar or from a 

specific window. 

McAfee Technical Support Visit mysupport.mcafee.com to find: 

ServicePortal 

• Product documentation 

• KnowledgeBase 

• Product announcements 

• Technical support 

Product updates 

Visit go.mcafee.com/goto/updates to download the latest Firewall Enterprise 

patches. 

Product installation files 1 In a web browser, navigate to www.mcafee.com/us/downloads. 

2 Provide your grant number, then navigate to the appropriate product and 

version. 

In this document ... 

About this release 

Requirements 

New features 

Enhancements 

Resolved issues 

Known issues 

Upgrade a firewall to version 8.2.0 

Perform a new installation 

McAfee Firewall Enterprise 8.2.0 Release Notes 1



Firewall Enterprise version 8.2.0 introduces new features for Firewall Enterprise S model appliances. 

This release also resolves issues present in the previous release. 

Firewall Enterprise version 8.2.0 will be end of life (EOL) one year after certification is complete for the 

next Common Criteria and FIPS certified releases. 

Supported firewall types 

Firewall Enterprise, version 8.2.0 supports: 

• McAfee ® Firewall Enterprise appliances 

• McAfee ® Firewall Enterprise, Virtual Appliance 

• McAfee ® Firewall Enterprise on Riverbed Services Platform 

Note: This release does not support McAfee Firewall Enterprise on Crossbeam X-Series Platform. However, 

McAfee intends to support this platform in the future. 

Installation options 

The following installation options are available for version 8.2.0: 

• Upgrade — Upgrade a firewall from version 8.1.2 to version 8.2.0. 

For upgrade instructions, see Upgrade a firewall to version 8.2.0 in this document. 

• New installation — Re-image a firewall using version 8.2.0 installation media. 

Compatible McAfee products 

Firewall Enterprise version 8.2.0 is compatible with the following McAfee products: 

• McAfee ® Firewall Enterprise ePolicy Orchestrator ® Extension 

• McAfee ® Firewall Enterprise Control Center 

• McAfee ® Firewall Profiler 

• McAfee ® Logon Collector 

• McAfee ® Firewall Reporter 

For more information, see the following resources: 

• To find the latest information on McAfee firewall products and versions that Firewall Enterprise 

supports, refer to KnowledgeBase article KB67462. 

• To learn about these products and how they interoperate with Firewall Enterprise, refer to the Using 

McAfee Firewall Enterprise with Other McAfee Products application note. 

2 McAfee Firewall Enterprise 8.2.0 Release Notes

Requirements 

Requirements 

Before you install version 8.2.0, make sure the Admin Console and Firewall Enterprise requirements are 

met. 

Admin Console requirements 

The computer that hosts the Admin Console must meet these requirements. 

Table 2 Admin Console minimum requirements 

Component 

Requirements 

Operating system One of the following Microsoft operating systems: 

• Windows Server 2008 

• Windows XP Professional 

• Windows Vista 

• Windows 7 

Web browser 

One of the following: 

• Microsoft Internet Explorer, version 7 or later 

• Mozilla Firefox, version 3.0 or later 

Hardware • 2 GHz x86-compatible processor 

• 2 GB of system memory 

• 300 MB of available disk space 

• CD-ROM drive 

• 1024 x 768 display 

• Network card (to connect to your firewall) 

• USB port 


Requirements 

Firewall Enterprise requirements 

The firewall must meet these requirements. 

Table 3 Minimum requirements by Firewall Enterprise type 

Firewall type 

Firewall Enterprise appliance 

Firewall Enterprise, Virtual Appliance 

Platform requirements 

D model appliance or later with a valid support contract 

Virtualization server that meets the following requirements: 

• Hypervisor operating system — VMware ESX/ESXi version 4.0 or 

later 

Note: Firewall Enterprise, Virtual Appliance is installed in 64-bit mode 

by default. Your system must support Intel VT technology (or 

equivalent) for it to run properly in a virtual environment. Before 

starting the virtual appliance, verify that VT is enabled in your 

computer BIOS. 

• Hardware resources: 

• Two virtual processors 

• 512 MB of memory 

Note: If you plan to use features such as virus scanning or 

sendmail, increase the allocated memory to 1024 MB. 

Firewall Enterprise on Riverbed 

Services Platform 

• 28 GB of free disk space 

• Internet connectivity — The firewall requires a persistent Internet 

connection to maintain an active license and full functionality. 

Riverbed Steelhead appliance that meets the following requirements: 

• RiOS version 6.0 or later 

• RSP version 6.0 or later installed and licensed 

• Available RSP slot 

• 512 MB of free memory 

• 28 GB of free disk space 

Note: Firewall Enterprise on Riverbed Services Platform is installed in 

32-bit mode by default. 


New features 

New features 

The following new features are included in this release. 

IPv6 support 

This release introduces IPv6 support for the following configurations: 

• Failover High Availability (HA) — Supports IPv6 in peer-to-peer and primary/standby HA cluster 

configurations 

• Domain name system (DNS) — Supports split DNS with IPv6 configurations 

• Border Gateway Protocol (BGP) — Allows exchange of IPv4 and IPv6 routes 

Note: IPv6 is enabled by default in 8.2.0. 

IPv6 support for failover HA 

Failover HA supports IPv6 addresses for all cluster interfaces except heartbeat and backup heartbeat 

interfaces. These cluster interfaces support IPv4 addresses, IPv6 addresses, or both. 

Note: The heartbeat and backup heartbeat must use IPv4 addresses. IPv6 addresses are not supported. 

The following restrictions apply: 

• For each shared IPv6 address, cluster firewalls must be assigned an individual IPv6 address in the 

same scope. 

• Load sharing HA does not support IPv6. 

IPv6 support for DNS 

Both split server DNS and single server DNS configurations are supported with IPv6 enabled. You can 

also have IPv4 and IPv6 DNS resolution over IPv4 or IPv6 addresses. 

IPv6 support for BGP 

BGP peers can exchange IPv4 and IPv6 routes. The following configurations are supported: 

• BGP IPv4 — BGP IPv4 route distribution over IPv4 or IPv6 network transport 

• BGP IPv6 — BGP IPv6 route distribution over IPv6 or IPv4 network transport 


Enhancements 

Enhancements 

The following enhancements are included in this release. 

FIPS 140-2 compliance 

Firewall Enterprise can be configured to comply with Federal Information Processing Standard (FIPS) 

140-2. Use the FIPS window to enable or disable FIPS 140-2 processing on the firewall. 

Common Criteria 

A McAfee Firewall Enterprise network environment can be configured to comply with Common Criteria 

evaluation standards. 

Usability improvements 

This release includes the following usability enhancements. 

• Admin Console — From the Access Control Rules window, select the Application Defense groups and 

McAfee ® 

Global Threat Intelligence reputation options while defining access control rules. 

• Documentation — The product guide has been streamlined to clarify topics and optimize Admin 

Console option definitions. 




This release resolves the following issues. 

Admin Console 

• Improves the stability of the graphical user interface BGP editor 

• Improves the performance of dashboard when viewing data from firewall with a significant number of 

blackholed IP addresses 

• Improves parsing of DNS configuration files during DNS interface modification 

• Enhances Application defense usability 

• Allows choosing of user_name as a column in the graphical user interface Audit Viewer 

• Allows use of 0 as a netmask in VPN security associations 

• Resolves the failed to connect to SSL issue when the audit viewer is launched in a new application 

window 

• Resolves an issue with managing DNS configurations when non-resolvable NS or MX records are 

present 

• Supports policies that use deprecated applications on the Rule Interactions tab 

• Makes the Rule Interactions tab consistent with McAfee Firewall Enterprise Control Center 

• Fixes the port display for the Deny All rule on the Rule Interactions tab 

• Fixes an issue on the Rule Interactions tab with unsaved data on the Access Control Rules window 

• Fixes the save issue for the Auto-recover on Reconnect checkbox on the High Availability window 

• Fixes a dashboard timeout issue on the primary firewall 

• Addresses issues with handling of SmartFilter custom sites 

Command line interface 

• Allows implied entry type on cf interface add_addresses operations 

• Corrects display of policy out of cf policy showtables to display redirections and REDIR flag 

Crypto 

• Resolves incorrect UNIX permissions on fetched Certificate Revocation List (CRL) files 

• Fixes NAT-T support for password-based dynamic VPNs 

• Updates Trusted Internet CAs with the new list from Mozilla 

• Removes DigiNotar from the list of Trusted Internet CAs 

Firewall Policy Report 

• Includes AppPrism and IPS signature versions in the Firewall Policy Report 

• Displays ports configured for the rules in the policy 



High Availability 

• Improves failover processing when an interface failure occurs 

• Resolves a startup issue that occurs during simultaneous booting of nodes in a peer-to-peer cluster 

• Resolves an issue with a down interface on a load sharing primary 

• Shares last application cache with secondary nodes 

Policy 

• Allows UDP proxy rules that pass IPv4 and IPv6 with redirection to pass both address families 

• Improves memory use during activation of large complex rule sets 

• Improves validation of IPv4 addresses in configuration 

• Improves validation of upstream proxy validation in the HTTP Application Defense 

• Improves error checking when including generic Application Defense in an Application Defense group 

• Improves usability with changes to policy validation and compilation 

• Improves usability with better defaults for SSL rules 

• Ensures that traffic is proxied if the policy requests it 

• Resolves an issue with netgroups containing too many host objects 

• Resolves a validation issue when using an application with multiple capabilities in a policy 

• Resolves a traceback issue when using time periods with IPv6 enabled 

• Fixes a timing issue in acld that causes Bad file descriptor traceback in audit 

• Fixes an issue with netmaps when handling IPv6 traffic 

• Fixes an error when using Geo-Location objects as endpoints in SSL rules 

• Fixes a validation issue when adding a zone with an index of 63 

• Cleans up the posting of listens so that proxies listen to interfaces that are specified only in the policy 

Proxies 

• Resolves the broken SmartFilter logo issue in block pages when Remote SmartFilter Administration 

Console is enabled 

• Resolves an issue with truncation of group names when passing user information from Passport to 

SmartFilter 

• Resolves an interface issue with DHCP Relay 

• Resolves an issue with authenticated redirections 

• Fixes handling of pings on a secondary node in a load sharing HA cluster to clean up attack audits 

• Fixes a problem with the SmartFilter URL when using a non-default port 

• Fixes Passport authentication handling when using Web login with active session mode 

• Addresses UDP session hang on secondary nodes in a load sharing HA cluster 

• Citrix — Improves error handling in the UDP Citrix proxy 

• FTP — Adds support for QUOTE command in the FTP proxy 



• HTTP 

• Resolves an issue with the HTTP proxy to perform IPS scanning in URLs 

• Corrects logging of HTTPS sites in SF.log when using remote SmartFilter console 

• Prevents accidental HTTP protocol enforcement for non-HTTP protocols 

• Provides stability fixes for the HTTP proxy 

• Resolves an issue of denied headers in HTTP and blocked headers in the SMTP proxy 

• Resolves session hang in the HTTP proxy when using SmartFilter 

• Re-enables in-band authentication for non-transparent HTTPS 

• Restores special case handling of in-band Passport authentication handling for non-transparent 

HTTP 

• Adds attack detection and mitigation for slow header attacks on HTTP protocol 

• Allows non-transparent HTTP to use minimal inspection 

• Allows timeout invalid DNS responses to do subsequent re-querying 

• H.323 — Addresses H.323 handling of unregistration request messages without call signal addresses 

• SMTP 

• Improves the SMTP proxy debugging audits 

• Resolves hang in the SMTP proxy during configuration changes under some circumstances 

• Allows use of the BDAT verb in the SMTP proxy 

• SNMP — Improves the stability of the SNMP proxy 

• SSH — Relaxes validation of the X11 forwarding originator address field in the SSH proxy 

• Sun RPC — Improves error handling when passing Sun RPC through a proxy 


Known issues 

System 

• Improves debugging support on large memory systems 

• Improves handling of DHCP addresses when modifying interfaces 

• Improves error handling when processing audit files with corrupted data 

• Allows passing of multicast traffic through the firewall when using transparent bridged interface and 

Link aggregation (LAGG) 

• Supports the configuration of more than two interfaces on a bridge 

• Adds AAAA records to BIND's root cache for the D and I root servers 

• Rejoins multicast groups for IP filter rules when interfaces change 

• Resolves a problem that dropped routing tables when zone modes are changed on a transparent 

firewall 

• Resolves a problem that restarts a device when installing multiple packages before all packages are 

completely installed 

• Resolves an issue with hostd performance 

• Resolves a Type Enforcement error when exiting from emergency maintenance mode 

• Fixes a Type Enforcement error when reconfigure mail is run when existing mail messages are queued 

in /var/spool/mqueue.c 

• Fixes the kernel stability issues 

• Corrects data returned by UCD-SNMP-MIB::ssCpuIdle.0 and 

HOST-RESOURCES-MIB::hrProcessorLoad SNMP OIDs 

• Cleans up the extraneous debug audits from hostd 

Security updates 

• Resolves CVE-2011-1910 and CVE-2011-2464 for BIND 

• Resolves CVE-2010-1674 and CVE-2010-1675 for Quagga BGP 

Known issues 

For information about known issues for Firewall Enterprise version 8.2.0: 

1 Visit mysupport.mcafee.com. 

2 Log on with your user ID and password. The ServicePortal homepage appears with a welcome 

message at the top. 

• If you do not have an account but have received a grant number: 

• In the User Login section, click New User. 

• Complete the information and follow the prompts to set up your account. 

• If you do not have an account or grant number, contact Customer Service. 

3 In the Self Service section, click Search the KnowledgeBase. The KnowledgeBase welcome page 

appears. 

4 In the Ask a Question section, type KB72785, then click Ask. The KnowledgeBase article appears with 

any known issues. 




Select the upgrade method that is appropriate for your firewall type. 

• Upgrade a standalone firewall or HA cluster 

• Upgrade a Control Center-managed firewall or HA cluster 

Note: Your firewall must be at version 8.1.2 to upgrade to version 8.2.0 as described in this section. Refer to 

the Firewall Enterprise Release Notes, version 8.1.2 for details. 

Upgrade a standalone firewall or HA cluster 

Use the Admin Console to upgrade a standalone firewall or HA cluster to version 8.2.0. Perform these 

tasks in order: 

1 Create a configuration backup 

2 Download the 8.2.0 package 

3 Install the 8.2.0 package 

4 Update the Admin Console 

5 Verify that version 8.2.0 is installed 

Note: To upgrade a High Availability cluster, upgrade the secondary/standby firewall first, then upgrade the 

primary firewall. 

Create a configuration backup 

McAfee recommends that you create a configuration backup before upgrading. Backing up the 

configuration files lets you quickly restore a firewall. 

For instructions on creating a configuration backup, refer to the McAfee Firewall Enterprise Product 

Guide. 

Download the 8.2.0 package 

Perform the appropriate procedure to download the 8.2.0 package. 

• If your firewall has Internet connectivity, follow the steps under Download the package using the 

Admin Console. 

• If your firewall does not have Internet connectivity, follow the steps under Manually load the package. 

Download the package using the Admin Console 

Downloading the patch moves it from the McAfee FTP site to the firewall but does not install it. 

To download the patch from the network: 

1 Select Maintenance | Software Management. 

2 Click the Manage Packages tab. 

3 Display the available packages. 

a 

b 

Click Check for Updates. When the operation is complete, a pop-up window appears. 

Click OK. Packages appear in the table with a status of Available. These packages are available for 

downloading from the McAfee FTP site. 

Tip: To configure this action to occur automatically, use the Download Packages tab. 

4 Select the 8.2.0 package, then click Download. Click Yes to confirm. 

A “successfully loaded” message appears, and the package status changes to Loaded. 



Manually load the package 

If your firewall is not connected to the Internet, use a web browser to download the package, then 

manually load the package on the firewall. 

1 Use a web browser to download the 8.2.0 package. 

a 

b 

c 

Go to go.mcafee.com/goto/updates. 

Scroll down to the McAfee Firewall Enterprise Upgrades and Patches entry for version 8.2.0, then 

click Download. 

Enter a valid Firewall Enterprise serial number, then click Submit. 

d Click Download Patch for version 8.2.0. 

2 Place the 8.2.0 file where the firewall can access it. Choose one of these options: 

• Local FTP site — Place the package on an FTP site that the firewall has access to. 

• HTTPS website — Place the package on an HTTPS website that the firewall has access to. 

• CD — Place the package in a /packages directory on a CD, then insert the CD into the firewall 

CD-ROM drive. 

• Directory on the firewall — Use SCP to copy the package to the /home directory of your firewall 

administrator account. 

Note: To transfer files to the firewall using SCP, SSH access must be enabled on the firewall. 

3 In the Admin Console, go to Maintenance | Software Management, then click the Download 

Packages tab. The Download Packages tab appears. 

Tip: For option descriptions, click Help. 

4 Click Perform Manual Load Now. The Manual Load window appears. 

5 Specify where the 8.2.0 package is stored. 

a 

From the Load packages from drop-down list, select the appropriate method to load the package. 

• FTP — Select if you placed the package on a local FTP site 

• HTTPS — Select if you placed the package on an HTTPS website 

• CDROM — Select if you created a CD that contains the package 

• File — Select if you copied the package to your home directory on the firewall 

b In the Packages field, type 8.2.0. 

c 

d 

Complete the remaining fields as appropriate. 

Click OK. A confirmation message appears. 

6 Click Yes. The firewall loads the package from the specified location. When the operation is complete, 

a message appears. 

7 Click OK. 

8 Verify that 8.2.0 is loaded on your firewall. 

a 

b 

Click the Manage Packages tab. 

Verify that the Status of the 8.2.0 package is Loaded on . 



Install the 8.2.0 package 

Perform this procedure to install the 8.2.0 package on your firewall. This package also includes a 

separate Admin Console update. 

Note: The firewall will restart during the patch installation. 

To install this patch on your firewall from the Admin Console: 


2 Click the Manage Packages tab. 

3 Select 8.2.0 from the list of packages, then click Install. 

4 Select Install now, then click OK. 

A warning appears stating that the firewall will restart after the patch is installed. 

5 Click Yes. 

The package is installed, then an Error message appears stating that the connection to the server 

has been lost. 

6 Click OK. 

The Admin Console is disconnected and the firewall restarts. 

Update the Admin Console 

After the firewalls, update the Admin Console by connecting to the firewall. 

1 Reconnect the Admin Console to the firewall. 

A message appears prompting you to install an Admin Console update. 

2 Click Yes. 

The Admin Console update downloads, then a message appears asking if you want to install the 

package now. 

3 Click Yes. 

The Admin Console closes and the InstallShield Wizard window appears. 

4 Click Next. 

A progress bar appears while the Admin Console update installs. When the installation completes, 

the Update Complete window appears. 

5 Click Finish. The Admin Console opens. 

Verify that version 8.2.0 is installed 

After the Admin Console update completes, verify that version 8.2.0 is installed on your firewall. 

1 Reconnect the Admin Console to the firewall. 


3 On the Manage Packages tab, verify that the status for 8.2.0 is Installed. 

• If the patch status is still Loaded, call technical support. 

• You can also click View Package Details or View Log to see information about the installation. 

The patch is now installed. 



Patch rollback 

If the installed patch does not work to your satisfaction, you can use the Rollback feature to restore the 

firewall to a previous state. 

Caution: If you use the Rollback feature, any configuration changes made after the patch was installed are 

lost. Therefore, rolling back is a recommended recovery option for only a short time after a patch installation. 

Note: A rollback always requires a restart. 

To restore the firewall to a previous state: 


2 Click the Rollback tab. 

3 Click Rollback Now, or select Schedule Rollback for to schedule a time for the rollback. 

Upgrade a Control Center-managed firewall or HA cluster 

Use Control Center to upgrade firewalls and clusters managed by Control Center. 

Caution: Do not use the Firewall Enterprise Admin Console to install a patch directly on a managed firewall. 

1 Upgrade your Control Center to version 5.2.0 or later. For instructions, see the McAfee Firewall 

Enterprise Control Center Release Notes, version 5.2.0. 

2 Use Control Center to upgrade the managed firewall or cluster to version 8.2.0. For instructions, see 

the McAfee Firewall Enterprise Control Center Product Guide. 




To install version 8.2.0, use the appropriate procedure for your Firewall Enterprise platform: 

• Firewall Enterprise appliance 

• Firewall Enterprise, Virtual Appliance 

• Firewall Enterprise on Riverbed Services Platform 

Note: This release does not support McAfee Firewall Enterprise on Crossbeam X-Series Platform. However, 

McAfee intends to support this platform in the future. 

Firewall Enterprise appliance 

To re-image your firewall to version 8.2.0, perform these tasks in order: 


2 Download Firewall Enterprise software 

3 Download the Product Guide 

4 Install the Management Tools 

5 Install Firewall Enterprise 

6 Complete post-installation instructions 


When you perform a new installation on your firewall, all configuration and log information is removed. 

McAfee recommends that you create a configuration backup and save it off the firewall. Backing up the 

configuration files lets you quickly restore a firewall. 


Guide. 

Download Firewall Enterprise software 

Perform this procedure to download the version 8.2.0 files. 

1 In a web browser, navigate to www.mcafee.com/us/downloads. 

2 Provide your grant number, then navigate to the appropriate product and version. 

3 Download the appropriate files. 

• Management Tools — Download the McAfee Firewall Enterprise Admin Console executable (.exe) 

file or CD image (.iso) file. 

Tip: Select the CD image file if you want to create a CD for use in installing the Management Tools. 

• Version 8.2.0 image — Download the installation CD image (.iso) file or USB image (.zip) file. 

Tip: Select the USB image file if your appliance does not have a CD-ROM drive. 

4 Create physical installation media using the downloaded installation files. 

• Write the .iso file(s) to a CD. 

Note: If you downloaded multiple .iso files, use a separate CD for each file. 

• If you downloaded the USB image file, write the image to a USB drive. Refer to KnowledgeBase 

article KB69115 for instructions. 



Download the Product Guide 

Download the McAfee Firewall Enterprise Product Guide so you have it available during the planning and 

setup process. 

1 Go to the McAfee Technical Support ServicePortal at mysupport.mcafee.com. 

2 Under Self Service, click Product Documentation. 

3 Select the appropriate product and version. 

4 Download the version 8.2.0 product guide. 

Install the Management Tools 

Perform this procedure to install the Management Tools on a Windows-based computer. The 

Management Tools include: 

• Quick Start Wizard — Creates the initial configuration for the firewall 

• Admin Console — Manages the firewall 

Note: Firewall Enterprise management tools are version-specific. You cannot connect to a version 8.x firewall 

using an older version of the Admin Console. However, you can have multiple management tools that co-exist 

on the same Windows-based computer. 

1 Launch the installation process: 

• If you downloaded the executable (.exe) file, locate the file on your computer, then double-click it. 

• If you downloaded the CD image (.iso) file and used it to create a CD, insert the CD into the 

appropriate drive. 

The welcome window appears. 

2 Follow the on-screen instructions to complete the setup program. 

Note: McAfee recommends using the default settings. 

Tip: Consider installing an SSH client on your computer. Use the SSH client to provide secure command line 

access to the firewall. 

Install Firewall Enterprise 

Use this procedure to install version 8.2.0 on your appliance. 

1 Boot the firewall from the physical installation media that you created. 

• Installation USB drive: 

• If the firewall is on, insert the USB drive and restart. 

• If the firewall is off, insert the USB drive and turn on the firewall. 

• Installation CD: 

• If the firewall is on, insert the CD and restart. 

• If the firewall is off, turn it on and quickly insert the CD. 

The firewall starts and displays standard boot-up information. 

2 When the firewall starts, configure it to boot from the inserted installation media. 

• Models without a CD-ROM drive — Enter the boot menu, then select the installation USB drive. 

• Models with a CD-ROM drive — By default, the boot order is set to check the CD drive first. If 

the boot order has been altered and does not check the CD drive first, restart and enter the BIOS 

to adjust the boot order accordingly. 

The firewall boots from the installation media. 



3 At the McAfee Inc. menu, accept the default, which is the Operational System. The welcome menu 

appears. 

4 At the Welcome to McAfee Firewall Enterprise menu, select a Firewall Enterprise boot option. 

• If you are using a locally attached terminal, press Enter to accept the default. 

• If you intend to use a serial console, type 4 and press Enter. 

5 When the installation complete message appears, remove the installation media from the firewall. 

6 Press R to restart the firewall, then press Enter. The firewall restarts and displays standard restart 

information. 

Firewall Enterprise version 8.2.0 is now installed on your appliance. 

Complete post-installation instructions 

Now that you have installed Firewall Enterprise, you are ready to configure and start up the firewall. For 

complete setup instructions, refer to the following chapters in the McAfee Firewall Enterprise Product 

Guide, version 8.2.0: 

• Planning 

• Installation and configuration 

• Startup 



Firewall Enterprise, Virtual Appliance 

To install Firewall Enterprise, Virtual Appliance, version 8.2.0, perform these tasks in order: 


2 Download Firewall Enterprise, Virtual Appliance software 

3 Download the Installation Guide 

4 Install the virtual firewall 


If you are replacing an existing Firewall Enterprise, Virtual Appliance, McAfee recommends that you 

create a configuration backup. Backing up the configuration files lets you quickly restore a firewall. 


Guide. 

Download Firewall Enterprise, Virtual Appliance software 

Perform this procedure to download version 8.2.0 files. 



3 Download the virtual image (.zip) file. 

Download the Installation Guide 

You will use the McAfee Firewall Enterprise, Virtual Appliance Installation Guide during the planning and 

setup process. 




4 Download the version 8.x installation guide. 

Install the virtual firewall 

Refer to the McAfee Firewall Enterprise, Virtual Appliance Installation Guide, version 8.x, to install the 

virtual firewall. 

The high-level installation steps include: 

1 Install the virtual firewall on a VMware ESXi server. 

a 

b 

c 

d 

On your ESXi server, create an isolated port group, and name it unconfigured. 

Import the firewall. 

Configure network mappings for the firewall. 

Perform initial firewall configuration. 

2 Install the Management Tools on a Windows-based computer. 



Firewall Enterprise on Riverbed Services Platform 

To install Firewall Enterprise version 8.2.0 on Riverbed Services Platform, perform these tasks in order: 


2 Download the Firewall Enterprise for Riverbed package 

3 Download the Installation Guide 

4 Install Firewall Enterprise on your Riverbed Steelhead appliance 


If you are replacing an existing Firewall Enterprise on Riverbed Services Platform, McAfee recommends 

that you create a configuration backup. Backing up the configuration files lets you quickly restore a 

firewall. 


Guide. 

Download the Firewall Enterprise for Riverbed package 

Perform this procedure to download the Firewall Enterprise RSP package and Admin Console. 



3 Download the Firewall Enterprise package. 

Download the Installation Guide 

You will use the McAfee Firewall Enterprise on Riverbed Services Platform Installation Guide during the 

planning and setup process. 




4 Download the version 8.x installation guide. 

Install Firewall Enterprise on your Riverbed Steelhead appliance 

Refer to the McAfee Firewall Enterprise on Riverbed Services Platform Installation Guide, version 8.x, to 

install the firewall. 

The high-level installation steps include: 

1 Install the firewall on your Riverbed Steelhead appliance. 

a 

b 

c 

d 

Add the Firewall Enterprise package to RSP. 

Install the firewall in an available slot. 

Configure the RSP data flow to direct network traffic through the firewall. 

Perform initial firewall configuration. 

2 Install the Management Tools on a Windows-based computer. 



For support information, visit mysupport.mcafee.com. 

Copyright © 2011 McAfee, Inc. All Rights Reserved. 

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language 

in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. 

700-3493A00

Firewall Enterprise 8.2.0 Release Notes - McAfee

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?